Privacy Matters

I’ve been avoiding commenting on current events for Lent. My comments on Gorsuch came out during a depression rant, so I’ve stayed away from current events to qualified success.

I find I’m most tempted to talk not about things that freak me out but those things that don’t freak me out. Sometimes media covers stories with an undue helping of sensationalist hyperbole, usually in the form of science says this common product is killing us!* or These misunderstood foreigners hate America! or lastly Hackers have the power to cause earthquakes. As there are enough real scary things going on, I tend to want to debunk those stories that are being overinflated by media news agencies, at least to say it’s big but not that big.

Today’s story, about the GOP’s repeal of broadband consumer privacy rules set by the (Obama administration) FCC isn’t really all that big. But it can get big if our major internet service providers — especially those with regional monopolies — decide to exploit the unchanging status quo.

S.J. Res 34 was passed in both the Senate and the House, and then signed by the President. This doesn’t change the federal rules regarding consumer privacy so much as prevent rules that were set to change from actually doing so. (The changes would have been, I think, for the better.)

Many of my friends are freaking out, though fortunately for them, they live in California. Here, state law covers the important features that won’t become federalized. California’s law is not a perfect intersection of the FCC regulations, but it hits the important notes:

Companies that provide internet access or web services have to have a privacy policy that is easily accessible by end-users.

That privacy policy has to state what data is gathered, and with whom it is shared. Accurately. That is, the company has to abide by the privacy policy it states. This still allows them to collect crazy amounts of data on its users, but then the company has to declare its intentions to do so.

Some data collection is essential to doing business with a client (e.g. your identity and credit card number and contact information). Some data (your medical information, your browsing habits, your porn accounts) are not essential. Regarding the collection and distribution of data from the latter category, there needs to be a reasonably easy process by which clients can opt-out. The FCC really wanted this data collection to be opt-in only, which is to say you have to affirm it’s okay before your ISP starts deep-packet-scanning your internet traffic.

Yes, these basics (I think they’re pretty basic) are what our lawmakers — the GOP pretty strictly along partisan lines — voted down and decided you, the end user, do not deserve. A couple legislators saw this and announced on the congressional floors hey, no US citizen wants us to do this. We’re just being assholes. We’ve seen some Republicans choose not to vote the party line. But most did.

Still, for us Californians, we have these protections. The FCC was going to make these protections federal, if not for S.J. Res 34.

So, the problem isn’t what big ISPs are doing — yet. They’ve considered numerous revenue enhancement ideas that would violate user privacy (from inserting ads into data packets to profiling end-users regarding health, interests, etc. to be sold to insurance agents and law enforcement), but none have been rolled out to the general public. Most test-balloons so far have been disbanded after poor public reception (seasoned with vitriol and invective from rights-protectors like the EFF). Some programs have been tabled in anticipation of the new legal limits. But now that we can expect years without these protections in some states, Comcast, AT&T and Verizon are assuredly having brainstorming sessions right now to consider turning end-user personal data into additional cash-flow.

If you’re not in California, it’s a good time to check to see if you have state laws that cover this sort of thing. (The closest I was able to find in Oregon were their statutes on identity theft, which I think don’t apply until one commits actual fraud.)

But whether or not your ISPs can legally become bad actors doesn’t change that bad actors already exist, some of which are criminal, some of which are commercial, some of which are law enforcement agents of the state, and some of which are national intelligence agencies (and not necessarily your nation). So it’s probably a good idea to develop some awareness of how to keep your surfing habits difficult to unravel, especially if (like me) you’re inclined to do a websearch for elementary school orgasms on a whim.

Surfing using HTTPS sites will still allow your ISP to see what sites you use, but not what you do there. Not using ISP proprietary software helps if the company is known to insert spyware into their applications. (Check online for consumer watch groups for reports, especially if use of service-provider proprietary software is mandatory.) Early versions of EA Origin included spying functions, and its EULA still includes language authorizing EA to spy on their customers.

VPNs help too, though usually at the cost of slower data speeds. There are some fears of dishonest VPNs (and by all means, research which service you pick) though the VPN market is one with a lot of competition, and since trust is a critical feature of the product, even doubt of that trust can collapse a business: The market is tight enough that legally mandated data-collection has proven a hazard to such businesses, and as such the industry has been able to ward off state restrictions on the concern of giving foreign competitors an edge.

But VPNs can be tricky to learn.

My solution was to purchase a VPN license on the cheap just to understand how to configure one and turn it on and off (off for gaming, on for business, porn and plotting terror activities researching fictional supervillain master-plans). As my needs for better-assured privacy escalate, I’ll shop for more robust services, and I’ll know what I’m doing (more or less) once I get them.

So speaking optimistically, the S.J. Res 34 hullabaloo is — for now — just a hyperbolic media panic. Big ISPs are not yet doing anything that is visibly unconscionable with the private data of Americans. (Visibly is a relevant word here.)

And yet, the Department of Justice, the US Congress and the intelligence community all already believe they have a right to my data in the interest of national security, even if I and mine have no significance to national security.

And then, if this panic encourages more awareness of privacy concerns, if the typical end user learns to engage in privacy hygiene the way that we already engage in malware hygiene, then, I opine, the internet will become a sturdier domain, and its citizens, healthier, for the effort.

* Saccharin is one of the artificial sweeteners I can use without getting headaches or dizziness. It was in wide use in the 70s and is still the third most popular artificial sweetener. And it’s famous for studies that suggested it is carcinogenic in laboratory rats. Less known about these studies is that the doses administered to the test subjects were superfluously large. It would be challenging for a human to consume a proportional amount, and in doing so would probably consume carcinogenic quantities of other substances as well. This is especially ironic considering that saccharin is 300-400 times sweeter than sugar, so only a tiny amount (inconsequential regarding nutrition or toxicity) is used to sweeten things. It would be perfect except for a bitter aftertaste that many folks cannot stand.
